MOBILE FOR STRONG IDENTITY
TURNING THE MOBILE DEVICE EVOLUTION IN YOUR FAVOR
DAVID MAHDI – PRODUCT MANAGEMENT & MARKETING ENTRUST
WHAT DO THESE HAVE IN COMMON?
May 24, 2013 © Entrust Inc. All Rights Reserved.
SO……..?
PASSWORDS! HAS ANYTHING CHANGED?
SO WHAT, PASSWORDS ARE EASY & CHEAP?!
WHY SHOULD I CARE?
HEARD OF BREACHES…
MORE BREACHES…
*TechCrunch
AND MORE
*CNET
IDENTITY CHALLENGES ABOUND
Security Threats and Risks Growing
• Passwords are not secure
User Experience (UX) growing need
• password rules & resets
• captchas and KBA
• hardware tokens
Compounded by Cloud and Mobile
STRONG AUTHENTICATION – WHAT ARE THE TRADITIONAL OPTIONS TODAY?
TRADITIONAL AUTHENTICATORS
• What are the common types of authenticators today?
• Let’s have a look…
EVALUATING THE AUTHENTICATORS: TRANSPARENT AUTHENTICATION
Pro
• Minimal user involvement – high usability
• User interaction only when risk level higher
• No authenticator to deploy
Con
• More complex to initialize
• User confusion when prompted
• Still requires an additional authentication (KBA)
[Diagram labels: Network information; User information; User profile; Device ID. Sample values shown: IP: 216.191.253.108, Browser: IE 7.0, Screen Depth: 1024 …]
EVALUATING THE AUTHENTICATORS: HARDWARE TOKENS
Pro
• Proven / familiar
• No hardware to deploy to read OTP
Con
• Single purpose
• Lost / forgotten tokens
• Seed file security
• Cost / distribution
EVALUATING THE AUTHENTICATORS: PAPER (INERT) TOKENS – GRID CARDS
Pro
• Easy to use
• Multiple forms
• Combine with identity badge
• Cost effective
Con
• Easier to copy
• Should replace more often
• Single purpose
EVALUATING THE AUTHENTICATORS: BIOMETRICS
Pro
• Very secure / hard to clone
• They're always with us - we hope!
• Shared readers
Con
• Expensive & technically complex
• Capture and storage of personal data
• Reliability of readers
EVALUATING THE AUTHENTICATORS: PKI (CERTIFICATES)
Pro
• Very secure (hard to clone)
• Easy to use (transparent)
• Extensible to other applications / use cases
Con
• Technically complex without PKI experience
• Where to store certificates
• If the root is compromised – all bets are off!
EVALUATING THE AUTHENTICATORS: SMART CARDS
Pro
• Very secure
• Easy to use
• Multipurpose (LACs, PACS, Employee badge, flash pass)
Con
• Higher cost
• Can require a myriad of products to provision
• Card readers required
• Lost / stolen cards
AS THE WORLD PROGRESSES… WHAT’S NEXT
more Secure
more Cost effective
more Multi purpose
more Convenient
MOBILE IS POISED TO DISRUPT THIS SPACE!
MOBILE HOLDS THE PROMISE FOR THE NEXT GENERATION OF IDENTITY
Geo Location
Biometrics
Secure Element
Crypto
Application Platform
“Out of Band”
• Users want to carry them
• Always in hand
• Always connected
• Convenient
• Support work / personal balance
• Deployment / use continues to grow at an outstanding pace
• Computing power means they are multi-purpose
WHAT CAN IT DO?
Mobile devices can easily be provisioned with additional or temporary authenticators
Soft Token
OOB Transaction Verification
SMS OTP
eGrid
Mobile as a smart card
MANY USE CASES
Multi-purpose Identity
• Physical access
• Logical access
• Windows logon
• VPN & Web apps
• Cloud applications
• Digital Signatures
• Encryption
• Defeat malware & session riding attacks
CONCLUSION
Security Threats and Risks Growing
IAM Will get harder
Mobile is Here to Stay… so leverage it!
More convenient
More secure
More cost effective